<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>HTTPS | Node.js v6.9.4 Documentation</title>
  <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato:400,700,400italic">
  <link rel="stylesheet" href="assets/style.css">
  <link rel="stylesheet" href="assets/sh.css">
  <link rel="canonical" href="https://nodejs.org/api/https.html">
</head>
<body class="alt apidoc" id="api-section-https">
  <div id="content" class="clearfix">
    <div id="column2" class="interior">
      <div id="intro" class="interior">
        <a href="/" title="Go back to the home page">
          Node.js
        </a>
      </div>
      <ul>
<li><a class="nav-documentation" href="documentation.html">About these Docs</a></li>
<li><a class="nav-synopsis" href="synopsis.html">Usage &amp; Example</a></li>
</ul>
<div class="line"></div>

<ul>
<li><a class="nav-assert" href="assert.html">Assertion Testing</a></li>
<li><a class="nav-buffer" href="buffer.html">Buffer</a></li>
<li><a class="nav-addons" href="addons.html">C/C++ Addons</a></li>
<li><a class="nav-child_process" href="child_process.html">Child Processes</a></li>
<li><a class="nav-cluster" href="cluster.html">Cluster</a></li>
<li><a class="nav-cli" href="cli.html">Command Line Options</a></li>
<li><a class="nav-console" href="console.html">Console</a></li>
<li><a class="nav-crypto" href="crypto.html">Crypto</a></li>
<li><a class="nav-debugger" href="debugger.html">Debugger</a></li>
<li><a class="nav-dns" href="dns.html">DNS</a></li>
<li><a class="nav-domain" href="domain.html">Domain</a></li>
<li><a class="nav-errors" href="errors.html">Errors</a></li>
<li><a class="nav-events" href="events.html">Events</a></li>
<li><a class="nav-fs" href="fs.html">File System</a></li>
<li><a class="nav-globals" href="globals.html">Globals</a></li>
<li><a class="nav-http" href="http.html">HTTP</a></li>
<li><a class="nav-https active" href="https.html">HTTPS</a></li>
<li><a class="nav-modules" href="modules.html">Modules</a></li>
<li><a class="nav-net" href="net.html">Net</a></li>
<li><a class="nav-os" href="os.html">OS</a></li>
<li><a class="nav-path" href="path.html">Path</a></li>
<li><a class="nav-process" href="process.html">Process</a></li>
<li><a class="nav-punycode" href="punycode.html">Punycode</a></li>
<li><a class="nav-querystring" href="querystring.html">Query Strings</a></li>
<li><a class="nav-readline" href="readline.html">Readline</a></li>
<li><a class="nav-repl" href="repl.html">REPL</a></li>
<li><a class="nav-stream" href="stream.html">Stream</a></li>
<li><a class="nav-string_decoder" href="string_decoder.html">String Decoder</a></li>
<li><a class="nav-timers" href="timers.html">Timers</a></li>
<li><a class="nav-tls" href="tls.html">TLS/SSL</a></li>
<li><a class="nav-tty" href="tty.html">TTY</a></li>
<li><a class="nav-dgram" href="dgram.html">UDP/Datagram</a></li>
<li><a class="nav-url" href="url.html">URL</a></li>
<li><a class="nav-util" href="util.html">Utilities</a></li>
<li><a class="nav-v8" href="v8.html">V8</a></li>
<li><a class="nav-vm" href="vm.html">VM</a></li>
<li><a class="nav-zlib" href="zlib.html">ZLIB</a></li>
</ul>
<div class="line"></div>

<ul>
<li><a class="nav-https-github-com-nodejs-node" href="https://github.com/nodejs/node">GitHub Repo &amp; Issue Tracker</a></li>
<li><a class="nav-http-groups-google-com-group-nodejs" href="http://groups.google.com/group/nodejs">Mailing List</a></li>
</ul>

    </div>

    <div id="column1" data-id="https" class="interior">
      <header>
        <h1>Node.js v6.9.4 Documentation</h1>
        <div id="gtoc">
          <p>
            <a href="index.html" name="toc">Index</a> |
            <a href="all.html">View on single page</a> |
            <a href="https.json">View as JSON</a>
          </p>
        </div>
        <hr>
      </header>

      <div id="toc">
        <h2>Table of Contents</h2>
        <ul>
<li><span class="stability_2"><a href="#https_https">HTTPS</a></span><ul>
<li><span class="stability_undefined"><a href="#https_class_https_agent">Class: https.Agent</a></span></li>
<li><span class="stability_undefined"><a href="#https_class_https_server">Class: https.Server</a></span><ul>
<li><span class="stability_undefined"><a href="#https_server_settimeout_msecs_callback">server.setTimeout(msecs, callback)</a></span></li>
<li><span class="stability_undefined"><a href="#https_server_timeout">server.timeout</a></span></li>
</ul>
</li>
<li><span class="stability_undefined"><a href="#https_https_createserver_options_requestlistener">https.createServer(options[, requestListener])</a></span><ul>
<li><span class="stability_undefined"><a href="#https_server_close_callback">server.close([callback])</a></span></li>
<li><span class="stability_undefined"><a href="#https_server_listen_handle_callback">server.listen(handle[, callback])</a></span></li>
<li><span class="stability_undefined"><a href="#https_server_listen_path_callback">server.listen(path[, callback])</a></span></li>
<li><span class="stability_undefined"><a href="#https_server_listen_port_host_backlog_callback">server.listen(port[, host][, backlog][, callback])</a></span></li>
</ul>
</li>
<li><span class="stability_undefined"><a href="#https_https_get_options_callback">https.get(options, callback)</a></span></li>
<li><span class="stability_undefined"><a href="#https_https_globalagent">https.globalAgent</a></span></li>
<li><span class="stability_undefined"><a href="#https_https_request_options_callback">https.request(options, callback)</a></span></li>
</ul>
</li>
</ul>

      </div>

      <div id="apicontent">
        <h1>HTTPS<span><a class="mark" href="#https_https" id="https_https">#</a></span></h1>
<pre class="api_stability api_stability_2">Stability: 2 - Stable</pre><p>HTTPS is the HTTP protocol over TLS/SSL. In Node.js this is implemented as a
separate module.</p>
<h2>Class: https.Agent<span><a class="mark" href="#https_class_https_agent" id="https_class_https_agent">#</a></span></h2>
<div class="api_metadata">
<span>Added in: v0.4.5</span>
</div><p>An Agent object for HTTPS similar to <a href="http.html#http_class_http_agent"><code>http.Agent</code></a>.  See <a href="#https_https_request_options_callback"><code>https.request()</code></a>
for more information.</p>
<h2>Class: https.Server<span><a class="mark" href="#https_class_https_server" id="https_class_https_server">#</a></span></h2>
<div class="api_metadata">
<span>Added in: v0.3.4</span>
</div><p>This class is a subclass of <code>tls.Server</code> and emits events same as
<a href="http.html#http_class_http_server"><code>http.Server</code></a>. See <a href="http.html#http_class_http_server"><code>http.Server</code></a> for more information.</p>
<h3>server.setTimeout(msecs, callback)<span><a class="mark" href="#https_server_settimeout_msecs_callback" id="https_server_settimeout_msecs_callback">#</a></span></h3>
<div class="api_metadata">
<span>Added in: v0.11.2</span>
</div><p>See <a href="http.html#http_server_settimeout_msecs_callback"><code>http.Server#setTimeout()</code></a>.</p>
<h3>server.timeout<span><a class="mark" href="#https_server_timeout" id="https_server_timeout">#</a></span></h3>
<div class="api_metadata">
<span>Added in: v0.11.2</span>
</div><p>See <a href="http.html#http_server_timeout"><code>http.Server#timeout</code></a>.</p>
<h2>https.createServer(options[, requestListener])<span><a class="mark" href="#https_https_createserver_options_requestlistener" id="https_https_createserver_options_requestlistener">#</a></span></h2>
<div class="api_metadata">
<span>Added in: v0.3.4</span>
</div><p>Returns a new HTTPS web server object. The <code>options</code> is similar to
<a href="tls.html#tls_tls_createserver_options_secureconnectionlistener"><code>tls.createServer()</code></a>.  The <code>requestListener</code> is a function which is
automatically added to the <code>&#39;request&#39;</code> event.</p>
<p>Example:</p>
<pre><code class="lang-js">// curl -k https://localhost:8000/
const https = require(&#39;https&#39;);
const fs = require(&#39;fs&#39;);

const options = {
  key: fs.readFileSync(&#39;test/fixtures/keys/agent2-key.pem&#39;),
  cert: fs.readFileSync(&#39;test/fixtures/keys/agent2-cert.pem&#39;)
};

https.createServer(options, (req, res) =&gt; {
  res.writeHead(200);
  res.end(&#39;hello world\n&#39;);
}).listen(8000);
</code></pre>
<p>Or</p>
<pre><code class="lang-js">const https = require(&#39;https&#39;);
const fs = require(&#39;fs&#39;);

const options = {
  pfx: fs.readFileSync(&#39;server.pfx&#39;)
};

https.createServer(options, (req, res) =&gt; {
  res.writeHead(200);
  res.end(&#39;hello world\n&#39;);
}).listen(8000);
</code></pre>
<h3>server.close([callback])<span><a class="mark" href="#https_server_close_callback" id="https_server_close_callback">#</a></span></h3>
<div class="api_metadata">
<span>Added in: v0.1.90</span>
</div><p>See <a href="http.html#http_server_close_callback"><code>http.close()</code></a> for details.</p>
<h3>server.listen(handle[, callback])<span><a class="mark" href="#https_server_listen_handle_callback" id="https_server_listen_handle_callback">#</a></span></h3>
<h3>server.listen(path[, callback])<span><a class="mark" href="#https_server_listen_path_callback" id="https_server_listen_path_callback">#</a></span></h3>
<h3>server.listen(port[, host][, backlog][, callback])<span><a class="mark" href="#https_server_listen_port_host_backlog_callback" id="https_server_listen_port_host_backlog_callback">#</a></span></h3>
<p>See <a href="http.html#http_server_listen_port_hostname_backlog_callback"><code>http.listen()</code></a> for details.</p>
<h2>https.get(options, callback)<span><a class="mark" href="#https_https_get_options_callback" id="https_https_get_options_callback">#</a></span></h2>
<div class="api_metadata">
<span>Added in: v0.3.6</span>
</div><p>Like <a href="http.html#http_http_get_options_callback"><code>http.get()</code></a> but for HTTPS.</p>
<p><code>options</code> can be an object or a string. If <code>options</code> is a string, it is
automatically parsed with <a href="url.html#url_url_parse_urlstring_parsequerystring_slashesdenotehost"><code>url.parse()</code></a>.</p>
<p>Example:</p>
<pre><code class="lang-js">const https = require(&#39;https&#39;);

https.get(&#39;https://encrypted.google.com/&#39;, (res) =&gt; {
  console.log(&#39;statusCode:&#39;, res.statusCode);
  console.log(&#39;headers:&#39;, res.headers);

  res.on(&#39;data&#39;, (d) =&gt; {
    process.stdout.write(d);
  });

}).on(&#39;error&#39;, (e) =&gt; {
  console.error(e);
});
</code></pre>
<h2>https.globalAgent<span><a class="mark" href="#https_https_globalagent" id="https_https_globalagent">#</a></span></h2>
<div class="api_metadata">
<span>Added in: v0.5.9</span>
</div><p>Global instance of <a href="#https_class_https_agent"><code>https.Agent</code></a> for all HTTPS client requests.</p>
<h2>https.request(options, callback)<span><a class="mark" href="#https_https_request_options_callback" id="https_https_request_options_callback">#</a></span></h2>
<div class="api_metadata">
<span>Added in: v0.3.6</span>
</div><p>Makes a request to a secure web server.</p>
<p><code>options</code> can be an object or a string. If <code>options</code> is a string, it is
automatically parsed with <a href="url.html#url_url_parse_urlstring_parsequerystring_slashesdenotehost"><code>url.parse()</code></a>.</p>
<p>All options from <a href="http.html#http_http_request_options_callback"><code>http.request()</code></a> are valid.</p>
<p>Example:</p>
<pre><code class="lang-js">const https = require(&#39;https&#39;);

var options = {
  hostname: &#39;encrypted.google.com&#39;,
  port: 443,
  path: &#39;/&#39;,
  method: &#39;GET&#39;
};

var req = https.request(options, (res) =&gt; {
  console.log(&#39;statusCode:&#39;, res.statusCode);
  console.log(&#39;headers:&#39;, res.headers);

  res.on(&#39;data&#39;, (d) =&gt; {
    process.stdout.write(d);
  });
});

req.on(&#39;error&#39;, (e) =&gt; {
  console.error(e);
});
req.end();
</code></pre>
<p>The options argument has the following options</p>
<ul>
<li><code>host</code>: A domain name or IP address of the server to issue the request to.
Defaults to <code>&#39;localhost&#39;</code>.</li>
<li><code>hostname</code>: Alias for <code>host</code>. To support <code>url.parse()</code> <code>hostname</code> is
preferred over <code>host</code>.</li>
<li><code>family</code>: IP address family to use when resolving <code>host</code> and <code>hostname</code>.
Valid values are <code>4</code> or <code>6</code>. When unspecified, both IP v4 and v6 will be
used.</li>
<li><code>port</code>: Port of remote server. Defaults to 443.</li>
<li><code>localAddress</code>: Local interface to bind for network connections.</li>
<li><code>socketPath</code>: Unix Domain Socket (use one of host:port or socketPath).</li>
<li><code>method</code>: A string specifying the HTTP request method. Defaults to <code>&#39;GET&#39;</code>.</li>
<li><code>path</code>: Request path. Defaults to <code>&#39;/&#39;</code>. Should include query string if any.
E.G. <code>&#39;/index.html?page=12&#39;</code>. An exception is thrown when the request path
contains illegal characters. Currently, only spaces are rejected but that
may change in the future.</li>
<li><code>headers</code>: An object containing request headers.</li>
<li><code>auth</code>: Basic authentication i.e. <code>&#39;user:password&#39;</code> to compute an
Authorization header.</li>
<li><code>agent</code>: Controls <a href="#https_class_https_agent"><code>Agent</code></a> behavior. When an Agent is used request will
default to <code>Connection: keep-alive</code>. Possible values:<ul>
<li><code>undefined</code> (default): use <a href="#https_https_globalagent"><code>globalAgent</code></a> for this host and port.</li>
<li><code>Agent</code> object: explicitly use the passed in <code>Agent</code>.</li>
<li><code>false</code>: opts out of connection pooling with an Agent, defaults request to
<code>Connection: close</code>.</li>
</ul>
</li>
</ul>
<p>The following options from <a href="tls.html#tls_tls_connect_options_callback"><code>tls.connect()</code></a> can also be specified:</p>
<ul>
<li><code>pfx</code>: Certificate, Private key and CA certificates to use for SSL. Default <code>null</code>.</li>
<li><code>key</code>: Private key to use for SSL. Default <code>null</code>.</li>
<li><code>passphrase</code>: A string of passphrase for the private key or pfx. Default <code>null</code>.</li>
<li><code>cert</code>: Public x509 certificate to use. Default <code>null</code>.</li>
<li><code>ca</code>: A string, <a href="buffer.html#buffer_buffer"><code>Buffer</code></a> or array of strings or <a href="buffer.html#buffer_buffer"><code>Buffer</code></a>s of trusted
certificates in PEM format. If this is omitted several well known &quot;root&quot;
CAs will be used, like VeriSign. These are used to authorize connections.</li>
<li><code>ciphers</code>: A string describing the ciphers to use or exclude. Consult
<a href="https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT">https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT</a> for
details on the format.</li>
<li><code>rejectUnauthorized</code>: If <code>true</code>, the server certificate is verified against
the list of supplied CAs. An <code>&#39;error&#39;</code> event is emitted if verification
fails. Verification happens at the connection level, <em>before</em> the HTTP
request is sent. Default <code>true</code>.</li>
<li><code>secureProtocol</code>: The SSL method to use, e.g. <code>SSLv3_method</code> to force
SSL version 3. The possible values depend on your installation of
OpenSSL and are defined in the constant <a href="https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS"><code>SSL_METHODS</code></a>.</li>
<li><code>servername</code>: Servername for SNI (Server Name Indication) TLS extension.</li>
</ul>
<p>In order to specify these options, use a custom <a href="#https_class_https_agent"><code>Agent</code></a>.</p>
<p>Example:</p>
<pre><code class="lang-js">var options = {
  hostname: &#39;encrypted.google.com&#39;,
  port: 443,
  path: &#39;/&#39;,
  method: &#39;GET&#39;,
  key: fs.readFileSync(&#39;test/fixtures/keys/agent2-key.pem&#39;),
  cert: fs.readFileSync(&#39;test/fixtures/keys/agent2-cert.pem&#39;)
};
options.agent = new https.Agent(options);

var req = https.request(options, (res) =&gt; {
  ...
});
</code></pre>
<p>Alternatively, opt out of connection pooling by not using an <code>Agent</code>.</p>
<p>Example:</p>
<pre><code class="lang-js">var options = {
  hostname: &#39;encrypted.google.com&#39;,
  port: 443,
  path: &#39;/&#39;,
  method: &#39;GET&#39;,
  key: fs.readFileSync(&#39;test/fixtures/keys/agent2-key.pem&#39;),
  cert: fs.readFileSync(&#39;test/fixtures/keys/agent2-cert.pem&#39;),
  agent: false
};

var req = https.request(options, (res) =&gt; {
  ...
});
</code></pre>

      </div>
    </div>
  </div>
  <script src="assets/sh_main.js"></script>
  <script src="assets/sh_javascript.min.js"></script>
  <script>highlight(undefined, undefined, 'pre');</script>
</body>
</html>

